Win Vista Built-In Security: What do you use?

Discussion in 'polls' started by bktII, Apr 25, 2008.


Win Vista Built-In Security: What do you use?

  1. Windows Firewall

    24 vote(s)
  2. Windows Update

    28 vote(s)
  3. User Account Control ( UAC )

    23 vote(s)
  4. Software Restiction Policy ( SRP ) ( Vista Business and Ultimate only )

    2 vote(s)
  5. Standard User Account ( i.e., Non-Administrator User Account )

    6 vote(s)
  6. Parental Controls ( Standard User Accounts only )

    3 vote(s)
  7. Software Data Execution Prevention ( DEP )

    18 vote(s)
  8. Microsoft Windows Defender ( Not disabled and you use it )

    12 vote(s)
  9. IE 7 Protected Mode ( Your default browser is IE 7 and you use it without virtualization software )

    13 vote(s)
  10. Other Vista Security ( e.g., Tweaking; Please provide explanation )

    9 vote(s)
Multiple votes are allowed.
Thread Status:
Not open for further replies.
  1. bktII

    bktII Registered Member

    Apr 12, 2006
    For those using Windows Vista, what built-in security features are you using?

    * Also, please provide your Windows Vista version(s) *


    * Windows Vista Home Premium SP1 *

    Windows Firewall - For inbound, I have no exceptions. For outbound, I use the free Sphinx-Soft Vista Firewall Control Application Protection. This is not built-in, but makes Vista's outbound capabilities more accessible. ( Not unlike Firestarter and Lokkit for iptables in Linux. )

    Windows Update - Set to "Automatic" with "Notify but do not download or install"; I usually apply updates when notified

    Software DEP - Set to "All programs and services except those I select" ( I have no exceptions )

    Parental Controls - Set to default-deny for *.exe files; Monitor allowed and blocked executables; Monitor web sites visited

    Microsoft Windows Defender - All real-time protection features are enabled ( I must admit that I like the services/driver installation notification, program start on system startup notification and option to permit/deny ); Infrequent scans

    IE 7 Protected Mode - Enabled, but I use a 3rd party web browser with 3rd party application virtualization software

    Other Vista Security - Tweaking; I disabled some services ( via services.msc ): "Computer Browser", "Remote Registry", "Server", "Smart Card", "Smart Card Removal Policy", "SSDP Discovery", "TCP/IP NetBIOS Helper", "Terminal Services", "Terminal Services Configuration", "UPnP Device Host", "WebClient" and "Windows Remote Management"; set to "Disable TCP/IP over NetBIOS" in network connections; Disabled "Remote Assistance"
  2. WSFuser

    WSFuser Registered Member

    Oct 7, 2004
    Vista Business SP1

    Windows Firewall
    Windows Update
    Service tweaking (from
  3. sukarof

    sukarof Registered Member

    Jun 22, 2004
    Stockholm Sweden
    Vista 32 Ultimate
    Automatic updates (Download but dont install)
    Software Restriction Policy
    DEP windows services
    IE7 protected mode the few times I use it.
  4. Dark Shadow

    Dark Shadow Registered Member

    Oct 11, 2007
    Vista Home Premium Firewall
    3.UAC/protection mode On
    4.Auto Updates
  5. Osaban

    Osaban Registered Member

    Apr 11, 2005
    Vista Ultimate SP1

    Windows Firewall
    Windows Update (notify)
    Software DEP (All programs)
    Windows Defender (on)
  6. ASpace

    ASpace Guest

    • Windows Firewall
    • Windows Firewall with Advanced Security
    • Windows Update
    • User Account Control
    • DEP
    • IE7 is my onliest browser and has Protected mode enabled
    • Other tweaking

    Using Windows Vista Home Premium with Service Pack 1.

    I am too young to have kids but I find parental control very useful and have intensions to use it in future :D I would also use Software Restriction Policy if I had Ultimate or Business editions + I'd use Standart user account if someone else uses my PC (but for now the laptop which has Vista is my personal) .
    Last edited by a moderator: May 1, 2008
  7. RAD

    RAD Registered Member

    Apr 2, 2007
    AVG Free addition, in addition to 1,2,3...6,7,8
  8. bktII

    bktII Registered Member

    Apr 12, 2006

    • Microsoft has placed 'default deny' in what they refer to as "Parental Controls". This is especially true for Vista Home Basic and Home Premium. Unfortunately, this means that a lot of adults will probably not use it. However, Microsoft did well to include this capability in Windows Vista.

      Here is a link that has been posted here at Wilders before, but am posting it again as it is very good:
      "The Six Dumbest Ideas in Computer Security
      "#1) Default Permit

      "This dumb idea crops up in a lot of different forms; it's incredibly persistent and difficult to eradicate. Why? Because it's so attractive. Systems based on "Default Permit" are the computer security equivalent of empty calories: tasty, yet fattening.

      "The most recognizable form in which the "Default Permit" dumb idea manifests itself is in firewall rules. Back in the very early days of computer security, network managers would set up an internet connection and decide to secure it by turning off incoming telnet, incoming rlogin, and incoming FTP. Everything else was allowed through, hence the name "Default Permit." This put the security practitioner in an endless arms-race with the hackers. Suppose a new vulnerability is found in a service that is not blocked - now the administrators need to decide whether to deny it or not, hopefully, before they got hacked. A lot of organizations adopted "Default Permit" in the early 1990's and convinced themselves it was OK because "hackers will never bother to come after us." The 1990's, with the advent of worms, should have killed off "Default Permit" forever but it didn't. In fact, most networks today are still built around the notion of an open core with no segmentation. That's "Default Permit."

      "Another place where "Default Permit" crops up is in how we typically approach code execution on our systems. The default is to permit anything on your machine to execute if you click on it, unless its execution is denied by something like an antivirus program or a spyware blocker. If you think about that for a few seconds, you'll realize what a dumb idea that is. On my computer here I run about 15 different applications on a regular basis. There are probably another 20 or 30 installed that I use every couple of months or so. I still don't understand why operating systems are so dumb that they let any old virus or piece of spyware execute without even asking me. That's "Default Permit."

      "A few years ago I worked on analyzing a website's security posture as part of an E-banking security project. The website had a load-balancer in front of it, that was capable of re-vectoring traffic by URL, and my client wanted to use the load-balancer to deflect worms and hackers by re-vectoring attacks to a black hole address. Re-vectoring attacks would have meant adopting a policy of "Default Permit" (i.e.: if it's not a known attack, let it through) but instead I talked them into adopting the opposite approach. The load-balancer was configured to re-vector any traffic not matching a complete list of correctly-structured URLs to a server that serves up image data and 404 pages, which is running a special locked-down configuration. Not surprisingly, that site has withstood the test of time quite well.

      "One clear symptom that you've got a case of "Default Permit" is when you find yourself in an arms race with the hackers. It means that you've put yourself in a situation where what you don't know can hurt you, and you'll be doomed to playing keep ahead/catch-up.

      "The opposite of "Default Permit" is "Default Deny" and it is a really good idea. It takes dedication, thought, and understanding to implement a "Default Deny" policy, which is why it is so seldom done. It's not that much harder to do than "Default Permit" but you'll sleep much better at night.
  9. TairikuOkami

    TairikuOkami Registered Member

    Oct 10, 2005
    Windows Vista Home Premium SP1 x64 OEM.
    Windows Firewall - inbound only, no manual settings.
    Windows Update - automatic, though I check occasionally for optional updates.
    IE 7 Protected Mode - I use x64 version mostly, I use x32 version only for flash, also IE7Pro x32 & x64 versions.
    Hardware DEP - standard only, because Vista refuses to delete exceptions and it causes more problems with aplications than it is worth for.
    Other Vista Security - the same services you posted disabled, CCleaner and HijackThis to clean up junk, CureIt for check up, OpenDNS servers.
  10. ASpace

    ASpace Guest

    I started learning the Windows Firewall outgoing control options . So far so good . It seems not that difficult , so one more thing for me :thumb:

    • Windows Firewall with Advanced Security
Thread Status:
Not open for further replies.